The growth of networking and the popularity of the Internet have created a need to improve the performance and reliability of network architectures. For example, FIG. 1 shows a block diagram of a local network 100 according to a conventional network architecture. Network 100 is connected to a network backbone 102 that connects several external networks. Backbone 102 may be, for example, the Internet or an intranet. In this example, network 100 includes a firewall 104 connected to backbone 102 through an interface 105. Network 100 also includes a first server 106 connected to firewall 104 through an interface 107, and a second server 108 connected to firewall 104 through an interface 109. In this example, network 100 uses the TCP/IP communication protocols, which are well known in the art of networking.
Clients connected to backbone 102 may send packets to a specific server in network 100 (e.g., server 106) through firewall 104. Conversely, server 106 may send packets to the client through firewall 104 and onto backbone 102. However, network 100 is not fault-tolerant, in that firewall 104 represents a single point of failure for network 100. More specifically, when firewall 104 fails, servers 106 and 108 can no longer communicate with clients connected to backbone 102. In particular, servers are typically not configured to detect the failure of a "first hop" firewall (i.e., the first firewall encountered by an outbound packet from a server). Thus, the servers continue to send packets to the failed firewall, never learning that those outbound packets do not leave network 100 (the failed firewall is sometimes referred to as a "black hole" for outbound traffic).
One conventional scheme to eliminate this single-point failure is to include a second firewall in the local network. FIG. 2 shows a block diagram of a network 200 according to such a conventional scheme. In this example, network 200 includes a second firewall 202 connected to backbone 102 through an interface 203. Firewalls 202 and 104 are connected to a shared medium 204 (e.g., Ethernet cable) through interfaces 206 and 208. Servers 106 and 108 are connected to shared medium 204 through interfaces 210 and 212, respectively. Although the second firewall 202 does provide fault-tolerance, the use of shared medium 204 undesirably increases the complexity of network 200 and degrades the performance of network 200.
In one implementation of this conventional scheme, fault-tolerance is implemented mainly on the servers. In particular, the servers are special servers configured to listen to the Routing Information Protocol (RIP) and can thereby detect the failure of a firewall. These servers can then reconfigure themselves to use a different default firewall. However, this scheme places a large burden on the server, which must receive and process the complete routing table that exists in the network. Consequently, server performance is significantly impacted by this scheme, which is undesirable. Further, this processing of the RIP information takes on the order of several minutes, which is a relatively long time to correct a firewall failure. This relatively long correction time undesirably allows a significant number of packets to be sent to the "black hole."
In another scheme, which is implemented in the firewalls as well as in the servers, servers 106 and 108 are configured to use as their default firewall a "virtual" Internet protocol (IP) address that is different from the regular interface IP addresses of firewalls 202 and 104. Firewalls 202 and 104 are both configured with the virtual IP address and monitor every packet on shared medium 204. Thus, when one firewall fails, the other firewall detects the failure and can then handle the packets that were being sent to the failed firewall.
Although this virtual IP address scheme may represent an improvement in the detection of a failed firewall over the previously described scheme, several problems remain. For example, the scheme is intrusive in that it requires special firewalls and specially configured servers that support the virtual-address scheme. Thus, the scheme may not be practical for a user who already has a significant investment in servers and firewalls that do not support these virtual-address features. In addition, the presence of a third firewall IP address may confuse the network management system used by the user.
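To make the "black hole" cost of the three arrangements described above concrete, the following discrete-time model is an added illustration and is not part of the patent text. It compares (a) the FIG. 1 arrangement, where the servers' default firewall is a fixed real address and nothing detects the failure, (b) the RIP-listening servers, which drop the route only after the RIP route timeout expires, and (c) the virtual-address scheme, where the standby firewall claims the virtual address once the active firewall goes quiet on the shared medium. The firewall names and addresses, the 30-second RIP update interval and 180-second route timeout (RIP's standard values), and the one-second hello with a three-hello dead interval for the virtual-address case are all assumptions of this model; the patent does not specify how the surviving firewall notices the failure.

```python
"""Constructed discrete-time model of first-hop firewall failure.

Added example, not from the patent. Addresses, names and all timer values
are assumptions chosen to illustrate the three schemes in the text.
"""
from dataclasses import dataclass
from typing import Optional

VIRTUAL_IP = "10.0.0.254"   # assumed virtual address shared by both firewalls


@dataclass
class Firewall:
    name: str
    ip: str
    alive: bool = True


@dataclass
class Result:
    scheme: str
    forwarded: int
    black_holed: int
    recovery_seconds: Optional[int]   # seconds from failure to first forwarded packet


def simulate(scheme: str, fail_at: int = 100, duration: int = 400, pkts_per_sec: int = 10,
             rip_update: int = 30, rip_timeout: int = 180,
             hello: int = 1, dead_after: int = 3) -> Result:
    """Run one scheme for `duration` seconds; firewall 104 dies at `fail_at`.

    "static"  : servers point at firewall 104's real address, nothing detects the failure
    "rip"     : servers listen to RIP and switch only when the route times out
    "virtual" : servers point at VIRTUAL_IP; firewall 202 claims it after missed hellos
    """
    if scheme not in ("static", "rip", "virtual"):
        raise ValueError(f"unknown scheme {scheme!r}")

    fw104 = Firewall("firewall104", "10.0.0.1")   # assumed addresses
    fw202 = Firewall("firewall202", "10.0.0.2")
    by_ip = {fw104.ip: fw104, fw202.ip: fw202}

    server_gw = VIRTUAL_IP if scheme == "virtual" else fw104.ip
    virtual_owner = fw104 if scheme == "virtual" else None

    last_rip_update = 0   # last RIP advertisement the servers saw from firewall 104
    last_hello = 0        # last hello firewall 202 saw from firewall 104 on the shared medium
    forwarded = black_holed = 0
    recovery: Optional[int] = None

    for t in range(duration):
        if t == fail_at:
            fw104.alive = False

        # Control plane: the mechanism (if any) by which the failure is noticed.
        if scheme == "rip":
            if fw104.alive and t % rip_update == 0:
                last_rip_update = t
            if server_gw == fw104.ip and t - last_rip_update > rip_timeout:
                server_gw = fw202.ip              # server changes its default firewall
        elif scheme == "virtual":
            if fw104.alive and t % hello == 0:
                last_hello = t
            if virtual_owner is fw104 and t - last_hello > dead_after * hello:
                virtual_owner = fw202             # standby takes over the virtual address

        # Data plane: servers keep sending to whatever their default firewall is.
        target = virtual_owner if scheme == "virtual" else by_ip[server_gw]
        if target.alive:
            forwarded += pkts_per_sec
            if t >= fail_at and recovery is None:
                recovery = t - fail_at
        else:
            black_holed += pkts_per_sec           # packets sent into the "black hole"

    return Result(scheme, forwarded, black_holed, recovery)


def compare(**kwargs) -> dict:
    """Run all three schemes with the same parameters, keyed by scheme name."""
    return {s: simulate(s, **kwargs) for s in ("static", "rip", "virtual")}


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:8s} forwarded={r.forwarded:5d} black_holed={r.black_holed:5d} "
              f"recovery={r.recovery_seconds}")
```

With the default parameters the static arrangement never recovers and loses every packet sent after the failure, the RIP-listening servers keep sending into the black hole for the full 180-second route timeout (measured from the last advertisement received, so 171 seconds here), and the virtual-address scheme loses only the packets sent during the three-second dead interval. The gap between the last two is the point the text makes about RIP's "several minutes" correction time, and the model also shows why the virtual-address case still loses some packets: detection is bounded by the hello and dead intervals, not instantaneous.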